chiark
/
gitweb
/
~mdw
/
disorder
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
ac169f8
)
Reject unwanted PATH_INFO per the RFC.
author
rjk@greenend.org.uk
<>
Fri, 11 Jan 2008 12:00:55 +0000
(12:00 +0000)
committer
rjk@greenend.org.uk
<>
Fri, 11 Jan 2008 12:00:55 +0000
(12:00 +0000)
server/cgimain.c
patch
|
blob
|
blame
|
history
diff --git
a/server/cgimain.c
b/server/cgimain.c
index 5f83e7a64e943af0952970457350e1d42f3fc6a2..674e9c7827c00203d180f3e7bc9b2179ce656bdd 100644
(file)
--- a/
server/cgimain.c
+++ b/
server/cgimain.c
@@
-78,6
+78,15
@@
int main(int argc, char **argv) {
struct cookiedata cd;
if(argc > 0) progname = argv[0];
struct cookiedata cd;
if(argc > 0) progname = argv[0];
+ /* RFC 3875 s8.2 recommends rejecting PATH_INFO if we don't make use of
+ * it. */
+ if(getenv("PATH_INFO")) {
+ printf("Content-Type: text/html\n");
+ printf("Status: 404\n");
+ printf("\n");
+ printf("<p>Sorry, PATH_INFO not supported.</p>\n");
+ exit(0);
+ }
cgi_parse();
if((conf = getenv("DISORDER_CONFIG"))) configfile = xstrdup(conf);
if(getenv("DISORDER_DEBUG")) debugging = 1;
cgi_parse();
if((conf = getenv("DISORDER_CONFIG"))) configfile = xstrdup(conf);
if(getenv("DISORDER_DEBUG")) debugging = 1;
@@
-111,7
+120,6
@@
int main(int argc, char **argv) {
}
}
disorder_cgi_login(&s, &output);
}
}
disorder_cgi_login(&s, &output);
- /* TODO RFC 3875 s8.2 recommendations e.g. concerning PATH_INFO */
disorder_cgi(&output, &s);
if(fclose(stdout) < 0) fatal(errno, "error closing stdout");
return 0;
disorder_cgi(&output, &s);
if(fclose(stdout) < 0) fatal(errno, "error closing stdout");
return 0;
~mdw / disorder / commitdiff